lark-doc

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires extracting tokens from document tags and embedding them as parameters (e.g., --doc "token" or mapped token fields) when calling other skills/CLI commands, which forces the LLM to include secret token values verbatim in outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflows (e.g., references/lark-doc-fetch.md and SKILL.md) instruct the agent to run docs +fetch on arbitrary doc URLs/tokens and to download/ingest linked resources (e.g., / URLs via HTTP GET) and to extract embedded tokens/blocks (e.g., , , ) that drive automated handoffs and actions, which clearly ingests untrusted user-generated third‑party content as part of its decision-making flow.